Learning More About YAML Deserialization
Published in
4 min readJun 12, 2022
Introduction
Deserialization attacks are quite popular when it comes to programming languages such as Java, Python, and Ruby. These flaws manifest themselves when a stream of data is directly deserialized without any checks being performed first, and they might result in the execution of remote code.